2ND GLITCH REPORTED IN NET BROWSER : MICROSOFT PREPARING PATCH TO CORRECT BUG.

Byline: Tim Klass Associated Press Associated Press: see news agency.

Associated Press (AP)

Cooperative news agency, the oldest and largest in the U.S. and long the largest in the world.

Another security flaw has turned up in Microsoft's Internet Explorer Microsoft's Web browser, which comes with Windows starting with Windows 98. Commonly called "IE," versions for Mac and Unix are also available. Internet Explorer is the most widely used Web browser on the market. It has also been the browser engine in AOL's Internet access software. browser which, like one found earlier in the week, could enable a Web site operator to wreak havoc in someone else's computer.

Double-clicking on icons to run programs as in normal Windows operations, the defect would allow the operator to run programs secretly on another computer, send electronic mail under someone else's name, severely damage software stored on a hard drive or wipe out the hard drive altogether.

``It could be the hard drive of any computer out there on the Internet,'' said David Ross David Ross refers to:

David Ross (Martial Artist), (born 1969), an American teacher and disciple of the late Lama Pai and Choy Lay Fut Grandmaster, Chan Tai San

, a University of Maryland University of Maryland can refer to:

University of Maryland, College Park, a research-extensive and flagship university; when the term "University of Maryland" is used without any qualification, it generally refers to this school

student who reported the latest defect.

``Scary, isn't it?'' said Dan Kusnetzky, director of the client server environments program at International Data Corp. in Framingham, Mass., after hearing a technical description of the flaw.

The most virulent potential from the bug, identified in Internet Explorer 3.0, is for users running Windows NT (Windows New Technology) A 32-bit operating system from Microsoft for Intel x86 CPUs. NT is the core technology in Windows 2000 and Windows XP (see Windows). Available in separate client and server versions, it includes built-in networking and preemptive multitasking. 4.0 with Service Pack 1 or 2 who are not protected by firewalls, computer security barriers typically used by large business customers to prevent unauthorized entry through cyberspace.

That makes it a much more narrow problem than the previous glitch A temporary or random hardware malfunction. It is possible that a bug in a program may cause the hardware to appear as if it had a glitch in it and vice versa. At times it can be extremely difficult to determine whether a problem lies within the hardware or the software. See glitch attack. , found in Internet Explorer versions 3.0 and 3.01 for the Windows 95 and Windows NT 4.0 operating systems Operating systems can be categorized by technology, ownership, licensing, working state, usage, and by many other characteristics. In practice, many of these groupings may overlap. .

Kusnetzky said the maximum number of Windows NT machines from which someone could take advantage of the flaw is 500,000 to 750,000, and the actual number is probably much lower, while the maximum for the earlier problem is more than 48 million machines.

At the same time, NT operators ``are probably more sophisticated users. They are probably running much more network-oriented programs,'' he said. ``They are probably the people who are most likely to be affected by an Internet-oriented problem.''

No customers have reported security breaches from either flaw, said David Fester fester /fes·ter/ (fes´ter) to suppurate superficially.

fes·ter
v.
1. To ulcerate.

2. To form pus; putrefy.

n.
An ulcer. , product manager for the Internet platforms division at Microsoft Corp.'s world headquarters in Redmond, Wash.

``This (latest flaw) is a really difficult thing to reproduce,'' Fester said. ``For somebody to do this is very difficult.

``At the same time, I don't mean to minimize this in any way. We're moving very rapidly to fix that.''

A software patch to close the newest potential breach should be available for free downloads on the World Wide Web within 48 hours, Fester said.

The patch Microsoft developed to fix the previous problem won't fix the new one, he added.

Ross, a senior majoring in computer science from Randallstown, Md., reported it Thursday to Microsoft and described it on the Web, complete with point-and-click examples for Internet Explorer users with Windows NT.

By clicking on an Internet address known as a universal resource locater, or URL URL
in full Uniform Resource Locator

Address of a resource on the Internet. The resource can be any type of file stored on a server, such as a Web page, a text file, a graphics file, or an application program. , Internet Explorer calls up a window within the browser. The defect can allow a knowledgeable user to create another window through which the he can run programs on other computers remotely.

COPYRIGHT 1997 Daily News
No portion of this article can be reproduced without the express written permission from the copyright holder.

Reader Opinion

Article Details
Printer friendly Cite/link Email Feedback
Title Annotation:	BUSINESS
Publication:	Daily News (Los Angeles, CA)
Geographic Code:	1USA
Date:	Mar 8, 1997
Words:	487
Previous Article:	STUDIOS PROJECT PAYOFF IN YEAR-ROUND BIG FILMS.
Next Article:	BUSINESS NOTES.
Topics:	Computer software industry Software Software industry

Related Articles
Desktop tech support.
Bugs: "a change in what the market expects." (interview with BugNet editor Bruce Brown)(Interview)
ITAA WARNS PUBLIC OF SWEEPING 'CODE RED' INTERNET WORM.
MICROSOFT TEAM TOILS TO SOLVE BROWSER FLAW.
MICROSOFT POSTS REPAIR KIT TO REMEDY SECURITY FLAWS.
Microsoft plays down SP2 security glitches.
Automated patching: an easier approach to managing your network security.
Third busy patch month for Microsoft.
Bug hunters turn the tables on software makers.